A Multi Threading Architecture For Multilevel Secure Transaction Processing

Information security is receiving a great deal of attention as computers increasingly process more and more sensitive information. A multilevel secure database management system (MLS DBMS) is designed to store, retrieve and process information in compliance with certain mandatory security requirements, essential for protecting sensitive information from unauthorized access, modification and abuse. Such systems are characterized by data objects labeled at different security levels and accessed by users cleared to those levels. Unless transaction processing modules for these systems are designed carefully, they can be exploited to leak sensitive information to unauthorized users. In recent years, considerable research has been devoted to the area of multilevel secure transactions that has impacted the design and development of trusted MLS DBMS products. Multilevel Secure Transaction Processing presents the progress and achievements made in this area. The book covers state-of-the-art research in developing secure transaction processing for popular MLS DBMS architectures, such as kernelized, replicated, and distributed architectures, and advanced transaction models such as workflows, long duration and nested models. Further, it explores the technical challenges that require future attention. Multilevel Secure Transaction Processing is an excellent reference for researchers and developers in the area of multilevel secure database systems and may be used in advanced level courses in database security, information security, advanced database systems, and transaction processing.

The Comprehensive Guide to Computer Security, Extensively Revised with Newer Technologies, Methods, Ideas, and Examples In this updated guide, University of California at Davis Computer Security Laboratory co-director Matt Bishop offers clear, rigorous, and thorough coverage of modern computer security. Reflecting dramatic growth in the quantity, complexity, and consequences of security incidents, Computer Security, Second Edition, links core principles with technologies, methodologies, and ideas that have emerged since the first edition’s publication. Writing for advanced undergraduates, graduate students, and IT professionals, Bishop covers foundational issues, policies, cryptography, systems design, assurance, and much more. He thoroughly addresses malware, vulnerability analysis, auditing, intrusion detection, and best-practice responses to attacks. In addition to new examples throughout, Bishop presents entirely new chapters on availability policy models and attack analysis. Understand computer security goals, problems, and challenges, and the deep links between theory and practice Learn how computer scientists seek to prove whether systems are secure Define security policies for confidentiality, integrity, availability, and more Analyze policies to reflect core questions of trust, and use them to constrain operations and change Implement cryptography as one component of a wider computer and network security strategy Use system-oriented techniques to establish effective security mechanisms, defining who can act and what they can do Set appropriate security goals for a system or product, and ascertain how well it meets them Recognize program flaws and malicious logic, and detect attackers seeking to exploit them This is both a comprehensive text, explaining the most fundamental and pervasive aspects of the field, and a detailed reference. It will help you align security concepts with realistic policies, successfully implement your policies, and thoughtfully manage the trade-offs that inevitably arise. Register your book for convenient access to downloads, updates, and/or corrections as they become available. See inside book for details.

Transaction processing (TP) applications are of use when solving a wide variety of data processing problems. Current commercial TP systems do not possess the ability to manage information at multiple security levels with high assurance. Department of Defense and Department of Navy Command, Control, Communication, Computers and Intelligence (C4I) applications handle information over a wide variety of classifications and compartments. The existence of TP applications that can securely process information of different classifications (with assurance) would save the DoD the need to create separate single level systems to process all necessary information. A trusted computing base (TCB) and security kernel architecture for supporting multi-threaded, queue-driven transaction processing applications in a multilevel secure environment has been designed. Intel's Pentium CPU architecture provides hardware with two distinct descriptor tables. One is used in the usual way for process isolation while the other is used for thread isolation. This allocation, together with an appropriately designed scheduling policy, permits us to avoid the full cost of process creation when only switching between threads of different security classes in the same process. where large numbers of transactions are encountered on transaction queues, this approach has benefits over traditional multilevel systems.

Introduction to Computer Security draws upon Bishop's widely praised Computer Security: Art and Science, without the highly complex and mathematical coverage that most undergraduate students would find difficult or unnecessary. The result: the field's most concise, accessible, and useful introduction. Matt Bishop thoroughly introduces fundamental techniques and principles for modeling and analyzing security. Readers learn how to express security requirements, translate requirements into policies, implement mechanisms that enforce policy, and ensure that policies are effective. Along the way, the author explains how failures may be exploited by attackers--and how attacks may be discovered, understood, and countered. Supplements available including slides and solutions.

Motivation Modem enterprises rely on database management systems (DBMS) to collect, store and manage corporate data, which is considered a strategic corporate re source. Recently, with the proliferation of personal computers and departmen tal computing, the trend has been towards the decentralization and distribution of the computing infrastructure, with autonomy and responsibility for data now residing at the departmental and workgroup level of the organization. Users want their data delivered to their desktops, allowing them to incor porate data into their personal databases, spreadsheets, word processing doc uments, and most importantly, into their daily tasks and activities. They want to be able to share their information while retaining control over its access and distribution. There are also pressures from corporate leaders who wish to use information technology as a strategic resource in offering specialized value-added services to customers. Database technology is being used to manage the data associated with corporate processes and activities. Increasingly, the data being managed are not simply formatted tables in relational databases, but all types of ob jects, including unstructured text, images, audio, and video. Thus, the database management providers are being asked to extend the capabilities of DBMS to include object-relational models as well as full object-oriented database man agement systems.

This book constitutes the thoroughly refereed post-conference proceedings of the 8th International Symposium on Trustworthy Global Computing, TGC 2013, held in Buenos Aires, Argentina, in August 2013. The 15 revised full papers presented together with 3 invited talks were carefully reviewed and selected from 29 submissions. The papers cover a wide range of topics in the area of global computing and safe and reliable computation. They are organized in topical sections on security, π-calculus, information flow, models, specifications and proofs and quantitative analysis.

This volume contains the proceedings of AMAST 2002, the 9th International Conference on Algebraic Methodology and Software Technology, held during September 9–13, 2002, in Saint-Gilles-les-Bains, R ́eunion Island, France. The major goal of the AMAST conferences is to promote research that may lead to setting software technology on a ?rm mathematical basis. This goal is achieved through a large international cooperation with contributions from both academia and industry. Developing a software technology on a mathematical basis p- duces software that is: (a) correct, and the correctness can be proved mathem- ically, (b) safe, so that it can be used in the implementation of critical systems, (c) portable, i. e. , independent of computing platforms and language generations, (d) evolutionary, i. e. , it is self-adaptable and evolves with the problem domain. All previous AMAST conferences, which were held in Iowa City (1989, 1991), Twente (1993), Montreal (1995), Munich (1996), Sydney (1997), Manaus (1999), and Iowa City (2000), made contributions to the AMAST goals by reporting and disseminating academic and industrial achievements within the AMAST area of interest. During these meetings, AMAST attracted an international following among researchers and practitioners interested in software technology, progr- ming methodology, and their algebraic, and logical foundations.

This book constitutes the refereed proceedings of the 8th Italian Conference on Theoretical Computer Science, ICTCS 2003, held in Bertinoro, Italy in October 2003. The 27 revised full papers presented together with an invited paper and abstracts of 2 invited talks were carefully reviewed and selected from 65 submissions. The papers are organized in topical sections on program design-models and analysis, algorithms and complexity, semantics and formal languages, and security and cryptography.